couchdb-dev mailing list archives

From Dave Cottlehuber <d...@muse.net.nz>
Subject Re: authentication behaviour
Date Fri, 11 Nov 2011 07:22:07 GMT
On 30 October 2011 09:48, Benoit Chesneau <bchesneau@gmail.com> wrote:
> Hi all,
>
> I'm starting to hate our authentication system. We now have an
> authentication system whose default behaviour is to answer to browsers
> or ajax calls, i.e. we redirect on failed login. The last change in
> cookie auth, for example, makes the API raise a 401 only when the fail
> parameter is given in the uri.
>
> While this default behaviour may be good for some couchapps, I would
> prefer that the default behaviour would be a full HTTP behaviour, so
> we can consider couchdb as a full store. Also this system doesn't work
> well in some couchapps too. So I propose to have this default HTTP
> behaviour
>
> - forbidden -> raise 403 and return a body
> - unauthenticated -> raise 401 and return a body
>
> And that's all. Redirection should be in my opinion something either
> forced in the settings or via url params (or headers). That can be
> both. Although, I'm not sure why we have redirection here when we
> could have depending on the Accept header either a json or an html
> page. Anyway, making this redirection something that must be forced is
> something I would like to introduce for 2.0x.
>
> Thoughts ?
>
> - benoît
>

+1 in principle. What might this break?

A+
Dave
